Security

While the general perception is that a cloud is a cloud, that won’t be the case for government agencies. Experts revealed more specifics about federal, state and local migration to cloud computing during the first panel at AFCEA International’s Homeland Security Conference. Eventually a governmentwide cloud for all services and data may be created, but today, while some services can move to the cloud environment, others will require customized clouds. For example, email services are a good candidate for the cloud, but those agencies that require extra security are likely to create private clouds for data storage and exchange. The latter not only applies to the usual suspects of national security agencies but also to local and regional law enforcement agencies that need to restrict access and protect information during ongoing investigations

The public sector is inching closer to a more widespread adoption of cloud computing, with cost savings cited as the greatest driver for state, local and federal governments, and governments around the world. A new survey from auditing firm KPMG shows that more than 40 percent of government respondents globally say they are already testing or implementing cloud solutions, and nearly 30 percent are working on a cloud strategy.

What do you do if your cloud provider is breached? Well, hopefully you’ve already planned for it ahead of time in your cloud contract. At the RSA Conference 2012 on Tuesday, a session offered advice to cloud users on how to plan for cloud computing breaches in their cloud computing contracts. Contracts “are an important initial line of defense in dealing with breaches in the cloud,” said James Shreve, an attorney in the Washington, D.C. office of BuckleySandler LLP.

More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.

Cloud computing has the power to break down office walls by allowing teleworkers to be just as productive as their office-bound peers, advocates say. Others predict it will break the tyranny of the email inbox, replacing it with more collaborative communications and tear down procurement barriers that have kept federal technology stuck behind the private sector. At least that's the sunny vision painted by proponents of cloud computing, which essentially trades in the old model of computing as a commodity, where data and applications typically are stored on-site in a chilly basement, for a software-as-a-service model, where data and applications are kept in remotely managed computer banks. Cloud-based software and services are provided over the Internet and agencies pay only for what they need, much as they do for utilities like electricity and water. By centralizing computing and data storage for a dispersed workforce, managers also can more easily update and patch software and secure information more efficiently.

Systems integrator Harris Corporation announced Monday that it plans to shutter a secure public cloud computing service it began offering just last year, citing customers' preferences to keep "mission-critical" applications on premises.

Sir, Your Comment article by Richard Falkenrath (“Google must remember our right to be forgotten”, February 15) contained several misleading assertions. The piece suggested that through its Apps for Education programme, Google seeks to hold students’ data for ever and to make money from those data by integrating them with our other services. Google does not maintain users’ files indefinitely: users can delete their data at any time. Nor do we combine Apps for Education data with Google’s other services – including the provision of advertising – unless the account administrator chooses to switch on these services. Our new privacy policy will not change that.

The Department of Homeland Security is increasingly embracing agile development, several top DHS IT officials said Tuesday at the agency's 2012 IT Industry Day in Washington, D.C. The move is part of a larger effort at DHS to ensure that IT projects are delivered quickly, on time, and on budget. "Our reputation for delivering on time and on budget--let's just say we haven't historically gotten an A grade for that," DHS CIO Richard Spires said at the event.

At this month's Cloud Connect event, David Linthicum, CTO of Blue Mountain Labs, gave an informative one-hour talk on cloud architecture and design. It concluded with a list of 17 steps to getting it right. "Most of this is just common sense," he told the crowd. To a practiced architect it may be common sense, but to some first-time implementers, it's clearly a challenge. The fact that 17 steps are involved may indicate that when it comes to cloud computing, common sense may be less common than some imagine.